Assurance IT invited Security Engineer Manager, Mark Salinas, to chat about the evolution of cyber security.
In this episode, Mark Salinas and co-founder of Assurance IT, Luigi Tiano, discuss:
Resources:
Watch the episode: https://youtu.be/TUA01zTVbw0
Mark Salinas' LinkedIn: https://www.linkedin.com/in/mark-salinas-75b9363/
Luigi Tiano’s LinkedIn: https://www.linkedin.com/in/luigitiano/
Assurance IT Website: http://www.assuranceit.ca/
About Mark Salinas:
Over 20 years of industry experience as a security and network architect and engineer, including design and installation of networking, cloud, network security, firewalls, IDS/IPS, application security/firewall, application acceleration, WAN optimization, WAF and DAM, and cloud services. PCI & NERC compliance and GRC. CISSP. Pre-sales as well as post-sales support. Network & security architecture designs. Security audits & reviews. US citizen. Mentor.
About 10 Questions to Cyber Resilience:
Twice per month, learn how IT leaders are strengthening their cyber security practices. Every episode comprises 10 questions that get you one step closer to cyber resilience. Subscribe to stay up to date with hot topics in cyber security.
About Assurance IT:
Assurance IT (www.assuranceit.ca) has specialized in data protection and data privacy for the mid-market in Canada since 2011. The Montreal-based company's unique approach to helping customers become cyber resilient is called the PPR Methodology, which stands for Prepare, Protect and Recover. Based on industry best practices, the PPR Methodology is an easier way to achieve cyber security and compliance objectives.
Voiceover:This is 10
Voiceover:Questions to Cyber Resilience,
Voiceover:brought to you by Assurance
Voiceover:IT, released twice per month.
Voiceover:Every episode brings you one
Voiceover:step closer to cyber resilience
Voiceover:by hearing how IT leaders are
Voiceover:practicing cyber security.
Voiceover:Resources mentioned in the episode
Voiceover:can be found in the show notes.
Voiceover:If you are ready to take your
Voiceover:cyber resilience to the next
Voiceover:level, be sure to subscribe so
Voiceover:you can catch every episode.
Luigi Tiano:Tell us a
Luigi Tiano:little bit about yourself,
Luigi Tiano:who you are and what you do.
Mark Salinas:Sure.
Mark Salinas:My name's Mark.
Mark Salinas:I'm a cyber security, depending
Mark Salinas:on the day of the week, you
Mark Salinas:know, the time of the day
Mark Salinas:architect, engineer, manager,
Mark Salinas:any, all of those things.
Mark Salinas:I started in networking.
Mark Salinas:I was young, hungry and maybe
Mark Salinas:not bright in that, you know,
Mark Salinas:people would ask me to do stuff
Mark Salinas:and I'd say, yes, my natural
Mark Salinas:inclination at the time was
Mark Salinas:to say yes to everything.
Mark Salinas:So people would say,
Mark Salinas:Hey, I wanna network.
Mark Salinas:And I'd say yes.
Mark Salinas:And then I'd say, all right,
Mark Salinas:like how are we gonna do that?
Mark Salinas:So I started networking and
Mark Salinas:then because of the progression
Mark Salinas:of networking and layer three
Mark Salinas:firewalls, typically the
Mark Salinas:network of people were selected
Mark Salinas:to be the firewall experts.
Mark Salinas:Because again, the
Mark Salinas:layer three knowledge.
Mark Salinas:I just remember my boss, her
Mark Salinas:name was Kim said, I'm gonna
Mark Salinas:send you to firewall school.
Mark Salinas:And I said, sure, again, I
Mark Salinas:wanna say yes to everything.
Mark Salinas:And so I have to find
Mark Salinas:her and thank her.
Mark Salinas:So I've been in firewalls
Mark Salinas:since 2000 and it's just
Mark Salinas:been a natural progression of
Mark Salinas:firewalls to wa to
Mark Salinas:host, to network.
Mark Salinas:And it's all, it's just
Mark Salinas:a natural progression.
Mark Salinas:This latest job I decided I
Mark Salinas:was tired of telling people
Mark Salinas:they were doing it wrong and
Mark Salinas:jump into the fire myself.
Mark Salinas:Show 'em how it's done.
Mark Salinas:Good news is I'm doing it.
Mark Salinas:The bad news is it's
Mark Salinas:harder than it looks on TV.
Mark Salinas:So it's a challenge.
Mark Salinas:It's exciting.
Mark Salinas:Sometimes it's exciting,
Mark Salinas:like a roller coaster.
Mark Salinas:Sometimes it's exciting
Mark Salinas:like the house is on fire.
Mark Salinas:So not a good kind of exciting,
Mark Salinas:but every day is interesting.
Luigi Tiano:Yeah, I know.
Luigi Tiano:I can appreciate that.
Luigi Tiano:It's great.
Luigi Tiano:And you mentioned like, the
Luigi Tiano:networking professional, right?
Luigi Tiano:So I guess inherently 15, 20
Luigi Tiano:years ago, if you were in the
Luigi Tiano:networking world, especially when
Luigi Tiano:talking in touching firewalls
Luigi Tiano:in the perimeter, you by default
Luigi Tiano:became the security expert, right.
Luigi Tiano:There was really no notion
Luigi Tiano:of actually having a
Luigi Tiano:security team at that time.
Luigi Tiano:Right.
Luigi Tiano:It was just securing the perimeter.
Mark Salinas:In fact, it
Mark Salinas:was usually, Hey, you network
Mark Salinas:guys here you're running the
Mark Salinas:firewalls and the network people.
Mark Salinas:Yeah.
Mark Salinas:Port IPs ports.
Mark Salinas:Sure.
Mark Salinas:That was a natural progression.
Mark Salinas:So I still think it's a
Mark Salinas:good natural progression.
Mark Salinas:There's still more obviously,
Mark Salinas:as you know, but it is
Mark Salinas:a natural progression.
Mark Salinas:I prefer to see kind
Mark Salinas:of an evolution.
Mark Salinas:Everybody wants to snap
Mark Salinas:their fingers and be a
Mark Salinas:cybersecurity expert or hire
Mark Salinas:one, but it's a progression.
Mark Salinas:You're not gonna know
Mark Salinas:everything day one.
Mark Salinas:So great way to start is
Mark Salinas:PCs, networking, layer
Mark Salinas:three, work your way up.
Luigi Tiano:Yep.
Luigi Tiano:I agree.
Luigi Tiano:Can't agree more and in terms
Luigi Tiano:of size of companies that
Luigi Tiano:you worked for I mean, I've
Luigi Tiano:looked at your profile and
Luigi Tiano:I've seen what you've done.
Luigi Tiano:You've worked for some rather
Luigi Tiano:larger organizations, right?
Luigi Tiano:Tell us a little bit about the
Luigi Tiano:sizes that you've gone through
Luigi Tiano:over the years, and where do
Luigi Tiano:you feel the most comfortable?
Luigi Tiano:Where you can provide
Luigi Tiano:the most value?
Mark Salinas:That's
Mark Salinas:actually a great question.
Mark Salinas:I've done well in the telcos.
Mark Salinas:The telcos typically are very
Mark Salinas:strong in their networking,
Mark Salinas:not necessarily IP networking
Mark Salinas:or not necessarily security.
Mark Salinas:So I always was very
Mark Salinas:successful at the telcos.
Mark Salinas:Typically the customers
Mark Salinas:that need help as let's say
Mark Salinas:the Fortune 1000 of 2000.
Mark Salinas:So I've done well in mid to
Mark Salinas:large Fortune 100 Fortune 10.
Mark Salinas:You know, those guys are
Mark Salinas:Jamie Dimon is rumored
Mark Salinas:to have like a thousand or
Mark Salinas:10,000 people in security.
Mark Salinas:So they're not gonna need
Mark Salinas:a lot of help, but the
Mark Salinas:midsize couple Fortune 1000
Mark Salinas:they're gonna need some help.
Luigi Tiano:Yeah.
Mark Salinas:And so that's
Mark Salinas:where I've done well.
Mark Salinas:They're doing things, you
Mark Salinas:know, and they still need help.
Mark Salinas:And so I've been successful there.
Luigi Tiano:Interesting.
Luigi Tiano:Thank you for sharing that.
Luigi Tiano:So without dating both of ourselves
Luigi Tiano:here I'd like to talk a little bit
Luigi Tiano:about how protecting the enterprise
Luigi Tiano:has evolved over the years.
Luigi Tiano:I think you touched a little bit
Luigi Tiano:upon it earlier when you mentioned,
Luigi Tiano:being close to the networking
Luigi Tiano:aspect, but how do you see that
Luigi Tiano:change happen over the years?
Luigi Tiano:There's definitely been
Luigi Tiano:a change and how has it
Luigi Tiano:evolved in your opinion?
Mark Salinas:Yeah, absolutely.
Mark Salinas:It started, it's funny from a let's
Mark Salinas:skip protecting for two seconds.
Mark Salinas:Networking's gone the full circle.
Mark Salinas:We had main one mainframe at
Mark Salinas:headquarters and we went full
Mark Salinas:distributed computing, and now
Mark Salinas:we're going back to a big host.
Mark Salinas:Not a mainframe God forbid, but a
Mark Salinas:big host running in a data center.
Mark Salinas:So we're back to where we started.
Mark Salinas:The part that's
Mark Salinas:hard is, it was easy
Mark Salinas:protecting one mainframe or
Mark Salinas:your web presence, because you
Mark Salinas:knew what your attack surface was.
Mark Salinas:The key buzzword to everybody
Mark Salinas:should be attack surface.
Mark Salinas:You have to know your attack surface.
Mark Salinas:So back when web, and when
Mark Salinas:eCommerce took off, you had
Mark Salinas:one or two, imagine an Amazon.
Mark Salinas:You have one server, amazon.com
Mark Salinas:protect the daylights out of it.
Mark Salinas:And yeah, everybody was hacking
Mark Salinas:amazon.com to get free stuff or
Mark Salinas:steal money or things like that.
Mark Salinas:So it went from, let me
Mark Salinas:protect one site or one
Mark Salinas:data center or one thing.
Mark Salinas:To now with malware, the
Mark Salinas:goal is to take over a PC.
Mark Salinas:And so now I gotta go from
Mark Salinas:protecting 1, 2, 10 servers
Mark Salinas:to 2000, 10,000 endpoints.
Mark Salinas:And 99%
Mark Salinas:isn't good enough.
Mark Salinas:If you have 1% of your PCs
Mark Salinas:vulnerable in that 1% gets
Mark Salinas:malware, you're stuck.
Mark Salinas:You're in a bad place.
Mark Salinas:And so it's gotten harder
Mark Salinas:in that I have to know
Mark Salinas:where every single PC is.
Mark Salinas:It's gotten harder because, I was
Mark Salinas:originally for compliance for, for
Mark Salinas:servers, it's a hundred percent.
Mark Salinas:I have to be 100% patched.
Mark Salinas:For PCs I was like, you know
Mark Salinas:what, with the executives and
Mark Salinas:traveling, let's shoot for 95%.
Mark Salinas:95% isn't good enough.
Mark Salinas:It's not good enough.
Luigi Tiano:Yeah.
Mark Salinas:And at college,
Mark Salinas:they get you a good A, but in
Mark Salinas:the real world, that just means
Mark Salinas:95% of a thousand is what?
Mark Salinas:50.
Mark Salinas:So 50 PCs are vulnerable.
Mark Salinas:So pray that those 50 PCs don't
Mark Salinas:get attacked and that's so
Luigi Tiano:the
Luigi Tiano:cliche says, right.
Luigi Tiano:You're as strong as
Luigi Tiano:your weakest link.
Luigi Tiano:If you've got one weak link
Luigi Tiano:in the chain there, which
Luigi Tiano:could be any PC that's
Luigi Tiano:vulnerable, then you're done.
Luigi Tiano:Right.
Luigi Tiano:So yeah, there's no room for error.
Luigi Tiano:There's no margin error.
Luigi Tiano:That's sure when it comes to
Luigi Tiano:protecting enterprise and the
Luigi Tiano:end point you mentioned it.
Luigi Tiano:I think the endpoint is extremely,
Luigi Tiano:it was overlooked, right?
Luigi Tiano:You said it's kind of evolved.
Luigi Tiano:Right.
Luigi Tiano:And an endpoint also now
Luigi Tiano:means having a mobile
Luigi Tiano:device in your possession.
Luigi Tiano:So that also has to
Luigi Tiano:be protected as well.
Mark Salinas:Yeah.
Mark Salinas:And I'm glad you brought that up.
Mark Salinas:This whole MDM mobile device
Mark Salinas:management and bring your own
Mark Salinas:device like, oh, at least,
Mark Salinas:you know, when you have a
Mark Salinas:corporate image, it's our device.
Mark Salinas:This is the image I am security.
Mark Salinas:I am responsible for the
Mark Salinas:PC on your desk, Luigi
Luigi Tiano:Right.
Mark Salinas:Now.
Mark Salinas:It's oh yeah.
Mark Salinas:Luigi, you bring your own device.
Mark Salinas:Like, what are you kidding me?
Mark Salinas:What's on your device?
Mark Salinas:Do I even know?
Luigi Tiano:Exactly, exactly.
Luigi Tiano:And where does that
Luigi Tiano:device come from?
Luigi Tiano:Who's had it?
Luigi Tiano:You know, sometimes people buy
Luigi Tiano:devices, like they'll buy them
Luigi Tiano:online and they'll reuse them.
Luigi Tiano:And so on.
Luigi Tiano:It's such a tough situation to be
Luigi Tiano:in when you're managing a bunch of
Luigi Tiano:devices from whomever, and yeah,
Luigi Tiano:the job has been has obviously
Luigi Tiano:become more difficult for everyone.
Luigi Tiano:So
Mark Salinas:yeah.
Luigi Tiano:That kind of leads me
Luigi Tiano:to my question about cybersecurity.
Luigi Tiano:We use this word, listen,
Luigi Tiano:it's, it's not a buzzword,
Luigi Tiano:it's an actual thing, but yeah.
Luigi Tiano:So what does
Luigi Tiano:cybersecurity mean to you?
Luigi Tiano:What did it mean in 2000, right.
Luigi Tiano:Let's go back.
Luigi Tiano:What does it mean in 2000 versus
Luigi Tiano:what cybersecurity is in 2022?
Luigi Tiano:What's your opinion then?
Mark Salinas:Sure.
Mark Salinas:Yeah, no, it's gotten better
Mark Salinas:and it's gotten worse.
Mark Salinas:So 2000 I had my web servers,
Mark Salinas:I had to protect, we had
Mark Salinas:firewalls, so I have one firewall
Mark Salinas:per data center, a handful of
Mark Salinas:rules, a handful of servers.
Mark Salinas:If people went home, they
Mark Salinas:dialed in, literally dialed in.
Luigi Tiano:Yep.
Mark Salinas:And then you went
Mark Salinas:through the corporate network.
Mark Salinas:So your traffic came back
Mark Salinas:to corporate got secure,
Mark Salinas:went back out again.
Mark Salinas:These days with cloud, everyone
Mark Salinas:wants to do everything everywhere.
Mark Salinas:So I've got my laptop and I wanna
Mark Salinas:do everything in a Starbucks.
Mark Salinas:Okay.
Mark Salinas:We have things for that.
Mark Salinas:There's cloud security, cloud
Mark Salinas:proxies and that's all well and
Mark Salinas:good, but it still comes down to,
Mark Salinas:the IT guys, the IT department,
Mark Salinas:the IT security department has
Mark Salinas:to say, okay, every PC has the
Mark Salinas:appropriate software so that
Mark Salinas:when you go out to, to your
Mark Salinas:Starbucks in, you know, east of
Mark Salinas:PIP, Idaho that you're protected
Mark Salinas:and there's tools for that.
Mark Salinas:But again, it's back to that a
Mark Salinas:hundred percent and I have to
Mark Salinas:make sure every tool is up to
Mark Salinas:date in terms of all the clients.
Mark Salinas:Every PC I'm sorry
Luigi Tiano:Right.
Luigi Tiano:And you made me think
Luigi Tiano:about something right now.
Luigi Tiano:So cybersecurity again
Luigi Tiano:in 2000 versus 2022.
Luigi Tiano:I mean the end user,
Luigi Tiano:what does that look like?
Luigi Tiano:I remember my first
Luigi Tiano:job before 2000.
Luigi Tiano:I was kind of just an enterprise
Luigi Tiano:there and security was not
Luigi Tiano:even a thing that we thought
Luigi Tiano:about, to be honest with you.
Luigi Tiano:Now let's just be honest, right?
Luigi Tiano:So now security is like day one,
Luigi Tiano:any job orientation, that's kind
Luigi Tiano:of like they're pounding in.
Luigi Tiano:So against the culture
Luigi Tiano:shift, I think.
Luigi Tiano:Right?
Luigi Tiano:So what did you see in
Luigi Tiano:terms of your end users in
Luigi Tiano:2020 or 2000 versus now?
Luigi Tiano:Have you seen that shift happen?
Luigi Tiano:Is it real thing where
Luigi Tiano:people are more cognizant?
Mark Salinas:That's
Mark Salinas:two different questions.
Luigi Tiano:You're right.
Mark Salinas:People
Mark Salinas:are getting training.
Mark Salinas:Years ago,
Mark Salinas:it was, don't leave your
Mark Salinas:laptop in your backseat.
Mark Salinas:Security man.
Mark Salinas:Don't leave your laptop
Mark Salinas:in your backseat.
Mark Salinas:Be careful going through
Mark Salinas:airport security.
Mark Salinas:There's rules around security
Mark Salinas:were very, just common sense.
Mark Salinas:Don't do something really dumb.
Luigi Tiano:Yes.
Mark Salinas:Now it's, you
Mark Salinas:know, watch out for this.
Mark Salinas:Watch out for that.
Mark Salinas:I wanna go down, I guess
Mark Salinas:now is as good time as any.
Mark Salinas:You and I corporates training
Mark Salinas:users, there is now most
Mark Salinas:companies onboarding, you get
Mark Salinas:a full hour of IT security
Mark Salinas:training, one to three hours.
Mark Salinas:And that's fantastic.
Mark Salinas:But when I have conversations
Mark Salinas:with people, so two
Mark Salinas:things are happening.
Mark Salinas:One users are getting trained.
Mark Salinas:Yes.
Luigi Tiano:Yep.
Mark Salinas:Two users are aware.
Mark Salinas:If you call someone up and say,
Mark Salinas:Hey I think we have a problem.
Mark Salinas:They go, oh yeah, I get it.
Mark Salinas:They'll spout you.
Mark Salinas:This is what don't do these things.
Mark Salinas:Mm-hmm I go, great.
Mark Salinas:You get it.
Mark Salinas:And then when I look at
Mark Salinas:my inbox and everyone is
Mark Salinas:forwarding me, their spam
Mark Salinas:saying, is this phishing?
Mark Salinas:And I'm like, It's free Viagra.
Mark Salinas:Like really?
Mark Salinas:Like, you know, people
Mark Salinas:are forwarding me.
Mark Salinas:I'm 91% of the, I think this is
Mark Salinas:phishing report phishing button
Mark Salinas:is not phishing so the 91%.
Mark Salinas:And it's really,
Mark Salinas:you just look at it.
Mark Salinas:It's free Walmart gift cards.
Mark Salinas:I mean, come on guys.
Mark Salinas:So.
Mark Salinas:There's a disconnect between
Mark Salinas:what people are saying and what
Mark Salinas:they're clicking and either,
Mark Salinas:well, first it brings me, I
Mark Salinas:guess, to my next point, I
Mark Salinas:don't mean to go off your path.
Mark Salinas:Sorry.
Luigi Tiano:No, no.
Mark Salinas:All
Mark Salinas:people are scared.
Mark Salinas:First and foremost,
Mark Salinas:people are scared.
Mark Salinas:Executives that I don't think
Mark Salinas:should be scared and normal
Mark Salinas:users, end users, somebody, an
Mark Salinas:accountant and account managers.
Mark Salinas:And we don't expect
Mark Salinas:them to be savvy.
Mark Salinas:They're scared.
Mark Salinas:We put the fear of God in
Mark Salinas:them and that's okay.
Mark Salinas:I'm kind of glad to be honest, but
Mark Salinas:they're not doing the right thing.
Mark Salinas:So scaring someone into doing
Mark Salinas:the right thing is not working.
Mark Salinas:Second.
Luigi Tiano:That's interesting.
Luigi Tiano:That's interesting point.
Luigi Tiano:Yeah.
Mark Salinas:We've scared
Mark Salinas:them and now they forward
Mark Salinas:me all their emails.
Mark Salinas:To say, Hey, Mark is this phishing?
Mark Salinas:Is this phishing is,
Mark Salinas:oh, for the love of God.
Mark Salinas:Like, this is not
Mark Salinas:all, this is spam.
Mark Salinas:This is, you know?
Luigi Tiano:There's
Luigi Tiano:differentiation there.
Luigi Tiano:Yeah.
Mark Salinas:There's a big,
Mark Salinas:that spam is at this point.
Mark Salinas:Anyone older than the age of five
Mark Salinas:should know spam, come on, right?
Luigi Tiano:Yep.
Mark Salinas:Because
Mark Salinas:we get so much of it.
Mark Salinas:But it's the part that's throwing
Mark Salinas:me is executives the boards.
Mark Salinas:I wrote this in my
Mark Salinas:column and you jumped in.
Mark Salinas:I appreciate it.
Mark Salinas:If you go in front of the board
Mark Salinas:and say, I need money for cyber
Mark Salinas:security, the board's gonna say
Mark Salinas:yes, and I am like, awesome.
Mark Salinas:That's a great thing for business.
Mark Salinas:So the board says, go spend some
Mark Salinas:money, but then the executives are
Mark Salinas:like, so I bought a whole bunch
Mark Salinas:of tools and I'm like, okay, what
Mark Salinas:are you doing with those tools?
Mark Salinas:And they're like watching
Mark Salinas:security and I'm like, I need a
Mark Salinas:little better answer than that.
Luigi Tiano:Right.
Mark Salinas:And so.
Mark Salinas:As I write, these tools need
Mark Salinas:to be managed when I was
Mark Salinas:doing this role, I was like,
Mark Salinas:let's go buy some tools.
Mark Salinas:And then, you know, added
Mark Salinas:four hours to my day.
Mark Salinas:Maybe I'm not getting
Mark Salinas:the best viewpoint here.
Mark Salinas:So we need to be selective
Mark Salinas:about the tools and if
Mark Salinas:we buy tools, we need to
Mark Salinas:really use the tool.
Mark Salinas:I'm hung up on a database
Mark Salinas:activity monitoring.
Mark Salinas:People are buying it and when
Mark Salinas:I look at how they're using it,
Mark Salinas:database activity monitoring
Mark Salinas:is an incredible tool, but you
Mark Salinas:need the database person sitting
Mark Salinas:next to you because I don't know
Mark Salinas:what the database looks like.
Mark Salinas:And so here's this expensive
Mark Salinas:tools creating these reports
Mark Salinas:that no one knows how to read.
Mark Salinas:And I'm like this is not good.
Mark Salinas:So it's business needs to take
Mark Salinas:a breath and every time you do
Mark Salinas:something, say, I bought something.
Mark Salinas:Okay.
Mark Salinas:What are you gonna do with it?
Mark Salinas:What's the purpose?
Luigi Tiano:Yeah.
Luigi Tiano:Before buying it before buying it.
Luigi Tiano:Right?
Luigi Tiano:Like understand its objective.
Luigi Tiano:Understand what value you're
Luigi Tiano:looking to derive from it.
Luigi Tiano:Right.
Luigi Tiano:That's a very good, valid point.
Luigi Tiano:I like that because.
Luigi Tiano:Again, and this is just my opinion.
Luigi Tiano:And I'm talking to a lot of
Luigi Tiano:professionals like yourself about
Luigi Tiano:it, and I'm trying to distinguish
Luigi Tiano:between what cybersecurity is
Luigi Tiano:and what cyber resilience is.
Luigi Tiano:And I know, again, it's another
Luigi Tiano:buzzword, but when I'm speaking
Luigi Tiano:to customers, I'm basically trying
Luigi Tiano:to say, let's do cybersecurity.
Luigi Tiano:But,
Luigi Tiano:we need you to be cyber resilient
Luigi Tiano:and when I say that, I try to
Luigi Tiano:explain what that means, because
Luigi Tiano:for me, and I want your opinion
Luigi Tiano:on this and this is important.
Luigi Tiano:Cybersecurity could be,
Luigi Tiano:like you said, tools and
Luigi Tiano:processes to just secure stuff.
Luigi Tiano:When I talk cyber resilience,
Luigi Tiano:it's more of a culture change.
Luigi Tiano:It's more of you know,
Luigi Tiano:understanding that the enterprise
Luigi Tiano:and everyone involved and engaged
Luigi Tiano:in the enterprise has to have
Luigi Tiano:some kind of responsibility.
Luigi Tiano:So are you talking cyber to
Luigi Tiano:your customers and peers?
Luigi Tiano:What does it mean to you?
Mark Salinas:Yeah.
Mark Salinas:I'm glad you brought that.
Mark Salinas:Cuz to be honest, the first time
Mark Salinas:you said it, you really annoyed
Mark Salinas:me because it kinda opened
Mark Salinas:up a whole another subject.
Luigi Tiano:Oh oh, okay.
Luigi Tiano:Now the truth's coming
Mark Salinas:You spot
Mark Salinas:on no, no hats off.
Mark Salinas:You're spot on.
Mark Salinas:Back in the day, hacking meant
Mark Salinas:like they stole your information.
Mark Salinas:You just had to recover from that.
Mark Salinas:Right now, a hack might be
Mark Salinas:either brick your server
Mark Salinas:or encrypt your data.
Mark Salinas:So how do you recover from that?
Mark Salinas:Well, you know, disaster recovery.
Mark Salinas:And so today you need to have
Mark Salinas:your backup system, which the
Mark Salinas:good news is those of us in IT.
Mark Salinas:They've been doing this since the
Mark Salinas:forties or fifties or sixties.
Mark Salinas:IT understands backup
Mark Salinas:and restoration.
Luigi Tiano:Got it.
Mark Salinas:That's the good news.
Luigi Tiano:Yeah.
Mark Salinas:But we've sort of
Mark Salinas:have raised the bar on them in
Mark Salinas:that we need to be more careful.
Mark Salinas:So we are now encrypting
Mark Salinas:the backups and we're
Mark Salinas:putting something on site.
Mark Salinas:The good news is again, good news
Mark Salinas:is that there's better tools.
Mark Salinas:A lot of the DR type products are
Mark Salinas:actually like a SAN or something
Mark Salinas:that you can recover much, much,
Mark Salinas:much quicker back in the day, it
Mark Salinas:was rebuild the server and then
Mark Salinas:go off site and get the tapes
Luigi Tiano:Right.
Mark Salinas:And restore the
Mark Salinas:tapes, which is the slowest
Mark Salinas:thing since watching paint dry.
Mark Salinas:Now it's, I need to
Mark Salinas:recover in an hour.
Mark Salinas:So we spin up a new VM, which,
Mark Salinas:you know, takes a minute.
Mark Salinas:And then this data storage
Mark Salinas:device that no one knew what
Mark Salinas:it was for now restores a
Mark Salinas:Terabyte, half a petabyte,
Mark Salinas:whatever X, wherever we are.
Luigi Tiano:Yep.
Mark Salinas:So this backup
Mark Salinas:thing restores hundreds of
Mark Salinas:gigabytes in 15 minutes.
Mark Salinas:So it's changed, but I think
Mark Salinas:at least those of us who
Mark Salinas:are preoccupied with it.
Mark Salinas:I think we're in a good
Mark Salinas:place, because again, we
Mark Salinas:have this cool expensive high
Mark Salinas:performance backup system.
Mark Salinas:That's ready to go in minutes.
Luigi Tiano:So that's
Luigi Tiano:a great example.
Luigi Tiano:I see.
Luigi Tiano:Like when you say cyber resilience,
Luigi Tiano:you wanna be able to recover.
Luigi Tiano:I think recovering in any
Luigi Tiano:situation is the bigger battle.
Luigi Tiano:I mean getting attacked or
Luigi Tiano:hacked and losing data is fine.
Luigi Tiano:It was fine.
Luigi Tiano:It's never fine, but
Luigi Tiano:you know what I mean?
Luigi Tiano:Like it happens, but now
Luigi Tiano:if the organization is not
Luigi Tiano:ready, doesn't have a plan.
Luigi Tiano:That's where I see the shortcoming.
Luigi Tiano:When you talk about resilience, can
Luigi Tiano:we actually get back on our feet?
Luigi Tiano:Right.
Luigi Tiano:That's what I mean when I talk
Luigi Tiano:about cyber resilience for me,
Luigi Tiano:it's how quickly can you recover?
Luigi Tiano:Can you really make those
Luigi Tiano:objectives as an organization?
Luigi Tiano:How long can you live being down?
Luigi Tiano:What are the processes and steps
Luigi Tiano:and solutions you have in place
Luigi Tiano:to get you back up and running,
Luigi Tiano:which you've just described.
Luigi Tiano:So for me, that's the
Luigi Tiano:differentiation between
Luigi Tiano:cyber security and the
Luigi Tiano:cyber resilient aspect.
Luigi Tiano:That's the culture that I refer to
Luigi Tiano:and maybe there's a better word.
Luigi Tiano:Maybe there isn't.
Luigi Tiano:But for me, that's kind of
Luigi Tiano:the one that I've been using.
Luigi Tiano:And if you think of a better
Luigi Tiano:one, Mark, let me know, man.
Mark Salinas:No, I didn't like
Mark Salinas:it, but again, you're making
Mark Salinas:me think of things I don't
Mark Salinas:wanna think about LA LA LA.
Mark Salinas:Everything's fine.
Luigi Tiano:Yeah
Mark Salinas:No,
Mark Salinas:I appreciate that.
Mark Salinas:No, it's good because again,
Mark Salinas:today what's the most likely
Mark Salinas:after they steal your data?
Mark Salinas:Encrypt it.
Luigi Tiano:Yeah.
Mark Salinas:So right now that's
Mark Salinas:the standard or common attack.
Mark Salinas:So if I'm encrypted, I'm gonna
Mark Salinas:try and decrypt it, I'm gonna
Mark Salinas:wipe it and start from scratch.
Luigi Tiano:Yeah.
Mark Salinas:And it's funny
Mark Salinas:how we talk about days.
Mark Salinas:How many days to
Mark Salinas:recover or hours now?
Mark Salinas:It's minutes.
Luigi Tiano:Yeah.
Luigi Tiano:Yeah.
Mark Salinas:And
Mark Salinas:the tools are there.
Mark Salinas:Again, if you're in a normal shop,
Mark Salinas:you're gonna have a hypervisor.
Mark Salinas:And you're gonna spin up a
Mark Salinas:new servers and then you're
Mark Salinas:gonna restore the data locally.
Mark Salinas:In some ways well, we're okay.
Mark Salinas:And we can recover from an attack.
Mark Salinas:Obviously the goal for people
Mark Salinas:like us is to not get attacked.
Luigi Tiano:Exactly.
Luigi Tiano:But again, like you said, the
Luigi Tiano:tool and the process and the
Luigi Tiano:know-how, that all comes together.
Luigi Tiano:Right.
Luigi Tiano:And a lot of companies
Luigi Tiano:that I'm working with, they
Luigi Tiano:haven't done a restore test.
Luigi Tiano:They haven't done a
Luigi Tiano:backup integrity check in
Luigi Tiano:months, sometimes years.
Luigi Tiano:It's just reality things.
Luigi Tiano:Backing up is the easy part.
Luigi Tiano:Do you know if it works, you know?
Mark Salinas:Funny
Mark Salinas:you say that yeah.
Mark Salinas:The big DR companies used
Mark Salinas:to make you do a DR test
Mark Salinas:and no, you're right.
Mark Salinas:The good news is IT is
Mark Salinas:used to doing backups,
Mark Salinas:backups, backups, backups.
Mark Salinas:And then, like you just said, when
Mark Salinas:was your last restoration test?
Mark Salinas:It gets really quiet.
Luigi Tiano:Yeah.
Luigi Tiano:Look, I'm just being honest.
Luigi Tiano:You know what I mean?
Luigi Tiano:Obviously, this is
Luigi Tiano:what we do, right.
Luigi Tiano:We walk into companies, we tell
Luigi Tiano:'em, listen, this is what you need.
Luigi Tiano:And more, more so than ever
Luigi Tiano:when you're trying to apply
Luigi Tiano:for a cyber insurance policy,
Luigi Tiano:or you're trying to meet your
Luigi Tiano:auditor's needs, they're asking
Luigi Tiano:those questions regardless.
Luigi Tiano:So we're just helping you
Luigi Tiano:put those things in place.
Luigi Tiano:So, Again, you can circumvent
Luigi Tiano:it or you can just follow the
Luigi Tiano:rules and do what you need
Luigi Tiano:to do and just feel better
Luigi Tiano:and sleep better at night.
Luigi Tiano:That's kind of how we put it.
Luigi Tiano:So I appreciate that.
Luigi Tiano:And like I said, we still
Luigi Tiano:have a long way to understand
Luigi Tiano:or make the culture better
Luigi Tiano:in all organizations.
Luigi Tiano:But I think we are in the right
Luigi Tiano:path from what I'm seeing.
Luigi Tiano:I do have a really
Luigi Tiano:sensitive question or
Luigi Tiano:maybe a philosophical one.
Luigi Tiano:But, there's a lot of ransomware
Luigi Tiano:attacks happening right now.
Luigi Tiano:There's a lot.
Luigi Tiano:We see them every day in the news.
Luigi Tiano:They're highly
Luigi Tiano:visible in the media.
Luigi Tiano:Companies can't hide from
Luigi Tiano:these attacks anymore.
Luigi Tiano:People find out about
Luigi Tiano:them relatively quickly.
Luigi Tiano:But some of the attacks that make
Luigi Tiano:me very worried, are ones that
Luigi Tiano:are on critical infrastructure.
Luigi Tiano:The US has seen some over
Luigi Tiano:the last couple of months
Luigi Tiano:or the years and so on.
Luigi Tiano:What's your thoughts on that?
Luigi Tiano:Are we ready?
Luigi Tiano:Are we not.
Luigi Tiano:Again, this is philosophical one,
Luigi Tiano:so you can answer if you want
Luigi Tiano:to, but what are your thoughts
Luigi Tiano:when it comes to ransomware
Luigi Tiano:on critical US infrastructure
Mark Salinas:We're not ready.
Mark Salinas:The good news is I could tell
Mark Salinas:you from interviewing and meeting
Mark Salinas:people and things like that.
Mark Salinas:They're now aware of it.
Mark Salinas:Of course, Colonial Pipeline,
Mark Salinas:making the headlines help make it.
Mark Salinas:I think that the companies are
Mark Salinas:aware of it, but like everybody
Mark Salinas:else now it's just like somebody,
Mark Salinas:you know, you go to the doctor
Mark Salinas:and he says, you're an inch
Mark Salinas:away from a heart attack.
Mark Salinas:You're like, oh, oh, snap.
Mark Salinas:Now what?
Luigi Tiano:Right.
Mark Salinas:So now they
Mark Salinas:gotta hire people and they are.
Mark Salinas:I would say they're
Mark Salinas:all in step one or two.
Mark Salinas:You know, what they tell
Mark Salinas:you, admitting you have a
Mark Salinas:problem is the first step.
Mark Salinas:So, so they're, they're
Mark Salinas:like the alcoholics,
Mark Salinas:it's a terrible analogy.
Mark Salinas:I'm sorry.
Mark Salinas:You know, they're admitting
Mark Salinas:there's a problem.
Mark Salinas:And now that needs to be
Mark Salinas:addressed and so I think we're
Mark Salinas:in a good place in that we're
Mark Salinas:moving forward, but are we
Mark Salinas:ready today for an attack?
Mark Salinas:Oh the heck, no, we're not ready.
Luigi Tiano:So admitting
Luigi Tiano:the problem exists, that's
Luigi Tiano:the first step we got that.
Luigi Tiano:Then of course, setting a path
Luigi Tiano:and charting a path to mitigating
Luigi Tiano:the risk and then having processes
Luigi Tiano:and solutions in place then
Luigi Tiano:in the event, it does happen.
Luigi Tiano:Be able to bring them back quickly.
Mark Salinas:Yeah.
Mark Salinas:Yeah, absolutely.
Luigi Tiano:Okay.
Luigi Tiano:Yeah and just touching
Luigi Tiano:a little bit on that.
Luigi Tiano:I've seen it.
Luigi Tiano:Obviously here in Canada as
Luigi Tiano:well, we have these, you know,
Luigi Tiano:huge, huge, companies who
Luigi Tiano:provide infrastructure, whether
Luigi Tiano:it be hydroelectric and so
Luigi Tiano:on, the railways and so on.
Luigi Tiano:For me, what worries me the
Luigi Tiano:most is the OT/IT split
Luigi Tiano:where IT was traditional.
Luigi Tiano:They know how to protect that.
Luigi Tiano:And now there's the
Luigi Tiano:operational technology
Luigi Tiano:that's out there, which is,
Mark Salinas:Oh yeah.
Luigi Tiano:You have
Luigi Tiano:the gateway from the IP.
Luigi Tiano:Right.
Luigi Tiano:That's going into the operational.
Luigi Tiano:And that to me has become, I
Luigi Tiano:wouldn't say a mystery, but I
Luigi Tiano:think that's where there's a lot of
Luigi Tiano:uneasiness that's happening because
Luigi Tiano:the OT typically
Luigi Tiano:was kind of isolated.
Luigi Tiano:It was kind of black boxed.
Luigi Tiano:You couldn't get to it, and
Luigi Tiano:now you have this connectivity
Luigi Tiano:between the IP, which is
Luigi Tiano:managing all these devices.
Luigi Tiano:And that for me is something that
Luigi Tiano:I think we need to get better at.
Luigi Tiano:And I'm not sure there's
Luigi Tiano:a lot of expertise in the
Luigi Tiano:marketplace to do that right now.
Mark Salinas:There's some, but
Mark Salinas:it's like you know, the early
Mark Salinas:adopters are the guys, like
Mark Salinas:you, that are trying to sell the
Mark Salinas:solutions and that's all great.
Mark Salinas:That's all well and good.
Mark Salinas:I think, you're right back
Mark Salinas:in the day, it was some kind
Mark Salinas:of proprietary RS2, RS 422,
Mark Salinas:or RS 232 connectivity and
Mark Salinas:there's zone network now.
Mark Salinas:And I've seen them.
Mark Salinas:You've seen them.
Mark Salinas:It's smaller than your phone.
Mark Salinas:It's the size of a match book.
Mark Salinas:And it has some kind of
Mark Salinas:connector on it and then an
Mark Salinas:Ethernet jack, and I'm looking
Mark Salinas:at this, like, this is not good.
Mark Salinas:And so, yeah, no I have some kind
Mark Salinas:of water sensor, flood meters.
Mark Salinas:And that again, it's cute.
Mark Salinas:It's Ethernet.
Mark Salinas:If my server room floods
Mark Salinas:this little, thing's
Mark Salinas:gonna send me a track.
Mark Salinas:Great.
Mark Salinas:But again, here's
Mark Salinas:this little thing.
Mark Salinas:It's running IP, which
Mark Salinas:means it has an OS.
Mark Salinas:No, I very much get it.
Mark Salinas:And I was just on a
Mark Salinas:call earlier today.
Mark Salinas:I said, start with segmenting.
Mark Salinas:First create an OT segment
Mark Salinas:first and foremost.
Mark Salinas:I've got some good
Mark Salinas:stories about that.
Mark Salinas:And what also bad.
Mark Salinas:You remember?
Mark Salinas:I think it was the Target was the
Mark Salinas:hack through the air conditioner.
Luigi Tiano:There you go.
Mark Salinas:We had a clock.
Mark Salinas:I'm not gonna say the names.
Mark Salinas:We had a clock vendor.
Mark Salinas:Where they had that the app was
Mark Salinas:in the cloud and they got hacked.
Mark Salinas:And it's very clear that they
Mark Salinas:were not doing zoning correctly
Mark Salinas:because they hacked the cloud.
Mark Salinas:They hacked the user, which
Mark Salinas:then hacked the cloud.
Mark Salinas:And then that cloud
Mark Salinas:was connected to me.
Mark Salinas:And so it's very clear that
Mark Salinas:people are saying, wow, we
Mark Salinas:gotta watch the OT thing.
Mark Salinas:And then they're slapping the
Mark Salinas:OT right on the production.
Mark Salinas:And I just cringe and wanna cry.
Luigi Tiano:Yeah, I get it.
Mark Salinas:Even just so
Mark Salinas:you have its own segment,
Mark Salinas:like start with that.
Luigi Tiano:Yeah.
Mark Salinas:Then we'll then
Mark Salinas:we'll worry about it later.
Luigi Tiano:Yeah.
Luigi Tiano:Segmenting your network is
Luigi Tiano:definitely the first place you
Luigi Tiano:wanna start when especially when
Luigi Tiano:you have stuff that's unknown.
Luigi Tiano:So ultimately you're
Luigi Tiano:saying we're not ready.
Luigi Tiano:And, I share that opinion because
Luigi Tiano:I know there's a lot of stuff
Luigi Tiano:that we haven't even thought
Luigi Tiano:about when it comes to that.
Luigi Tiano:So we touched a little
Luigi Tiano:bit on skillset.
Luigi Tiano:We touched a little
Luigi Tiano:bit about the market.
Luigi Tiano:Right now, what's your best
Luigi Tiano:advice for companies dealing with
Luigi Tiano:the staffing issues that we're
Luigi Tiano:having and skillset shortages
Luigi Tiano:specifically when it comes to
Luigi Tiano:IT security, I'm seeing it.
Luigi Tiano:I'm assuming you're seeing it too.
Luigi Tiano:You wanna comment on that?
Mark Salinas:Two different things.
Mark Salinas:One is first and foremost, I think
Mark Salinas:every company larger than, I don't
Mark Salinas:know, some number thousand, 10,000,
Mark Salinas:2000 users needs a security guy.
Mark Salinas:Sorry, I'm from Jersey.
Mark Salinas:We say guy.
Mark Salinas:So every company bigger than X
Mark Salinas:should have a security person.
Mark Salinas:I don't mean a network
Mark Salinas:and, and, and no.
Mark Salinas:One guy, that's his only job.
Mark Salinas:That's their only job.
Mark Salinas:And so first you need one of
Mark Salinas:those, and then we get into okay,
Mark Salinas:that's where the shortage begins.
Mark Salinas:What business needs to do, the
Mark Salinas:big Googles, the big IBMs do it.
Mark Salinas:They have a training program
Mark Salinas:where they understand there's
Mark Salinas:a long haul and this was big
Mark Salinas:in the eighties and nineties.
Mark Salinas:And then they kind of died.
Mark Salinas:Now it's kind of coming back
Mark Salinas:with the Googles where you
Mark Salinas:say, okay, we're gonna hire
Mark Salinas:four analysts and knowing full
Mark Salinas:well, two of 'em are gonna quit
Mark Salinas:and knowing full well, one of
Mark Salinas:'em may get promoted may not.
Mark Salinas:And we just need to
Mark Salinas:start at the bottom.
Mark Salinas:And at the bottom because of
Mark Salinas:time, it's say, alright, I'm
Mark Salinas:gonna hire four analysts.
Mark Salinas:And in two years I'm gonna
Mark Salinas:promote one or two of them.
Mark Salinas:And everyone corporate still,
Mark Salinas:I can't speak for Canada, but
Mark Salinas:corporate America still kind of
Mark Salinas:thinks this you're gonna take
Mark Salinas:the job and stay there forever.
Mark Salinas:Not if you're a smart,
Mark Salinas:ambitious engineer.
Luigi Tiano:Yeah.
Mark Salinas:You're either gonna
Mark Salinas:leave to go down the street.
Mark Salinas:Or you're gonna stay and
Mark Salinas:get promoted and corporate
Mark Salinas:needs to say, all right,
Mark Salinas:I'm gonna hire four people.
Mark Salinas:And one of you will get promoted
Mark Salinas:in two years, 18 months,
Mark Salinas:and the hungry, ambitious,
Mark Salinas:smart, they'll get promoted.
Mark Salinas:And then now we've got
Mark Salinas:now a tier two person.
Mark Salinas:And then same way for every
Mark Salinas:two or three tier two.
Mark Salinas:One of those get promoted to
Mark Salinas:tier three and corporate needs
Mark Salinas:to say, we're gonna have a flow.
Mark Salinas:We want you to stay.
Mark Salinas:And if you're our guy, you're gonna
Mark Salinas:move from tier one to two to three.
Mark Salinas:And certain amounts of time
Mark Salinas:based on benchmarks, the service
Mark Salinas:providers are kind of good at that.
Mark Salinas:And I say kind of, because
Mark Salinas:they're more forced
Mark Salinas:into it's the same boat,
Luigi Tiano:Right, yeah.
Mark Salinas:In a year or two,
Mark Salinas:the people that are young and
Mark Salinas:ambitious, ambitious, meaning
Mark Salinas:money are gonna quit for more
Mark Salinas:pay and corporate will say, well,
Mark Salinas:we don't wanna train the guy.
Mark Salinas:And then he leaves.
Mark Salinas:And I'm like, if you don't train
Mark Salinas:him, he's gonna leave anyway.
Luigi Tiano:Right.
Luigi Tiano:Exactly.
Luigi Tiano:There's a saying where, what if
Luigi Tiano:you train him and they leave,
Luigi Tiano:well, what if you don't train
Luigi Tiano:him and they stay that's just as
Mark Salinas:Right.
Mark Salinas:No, no.
Mark Salinas:I love that one.
Mark Salinas:I'm like, and everybody stares
Mark Salinas:at you, you're like, well,
Luigi Tiano:Yeah, yeah, yeah.
Mark Salinas:We need to go back
Mark Salinas:to, you know, kind of the old days
Mark Salinas:of saying, I'm gonna care and feed
Mark Salinas:meaning I'm gonna hire these four.
Mark Salinas:And I shouldn't say young cuz I'm
Mark Salinas:not, you know, less experienced
Mark Salinas:people that you're gonna grow.
Mark Salinas:And yes, half of 'em will quit.
Mark Salinas:Half of those half you'll wanna
Mark Salinas:quit cuz they're not your type
Mark Salinas:of people and that's okay.
Luigi Tiano:That's okay.
Mark Salinas:But again, we
Mark Salinas:need to hire four people with a
Mark Salinas:full understanding that you'll
Mark Salinas:be lucky to keep two of 'em.
Luigi Tiano:So along that line,
Luigi Tiano:like for us when I'm talking to
Luigi Tiano:clients and they're all looking
Luigi Tiano:for cyber experts and looking for
Luigi Tiano:infrastructure people, for me,
Luigi Tiano:what I basically say is, okay,
Luigi Tiano:well, prioritize your projects.
Luigi Tiano:Gimme a list of your projects.
Luigi Tiano:Because you're not gonna just
Luigi Tiano:develop staff or skillset
Luigi Tiano:overnight, the market is really
Luigi Tiano:such is drained right now.
Luigi Tiano:There's not a lot of
Luigi Tiano:people in the market.
Luigi Tiano:We know that.
Luigi Tiano:There's a lot of
Luigi Tiano:risk because of that.
Luigi Tiano:There's a lot of bad actors
Luigi Tiano:that take advantage of this.
Luigi Tiano:There's not a lot of people
Luigi Tiano:watching your enterprise,
Luigi Tiano:then you could be at risk.
Luigi Tiano:So what I'm basically telling
Luigi Tiano:customers is, give me a list
Luigi Tiano:of your projects for the next
Luigi Tiano:12 months, 18 months, and
Luigi Tiano:let's just prioritize them and
Luigi Tiano:hoping 60% of those projects
Luigi Tiano:are in the security space.
Luigi Tiano:Really.
Luigi Tiano:I really hope just because,
Luigi Tiano:I mean, if you leave the door
Luigi Tiano:open, people are gonna come in.
Luigi Tiano:You know what I mean?
Luigi Tiano:That's kind of how I see it.
Luigi Tiano:I mean, there's no
Luigi Tiano:other way to go around.
Mark Salinas:The good news
Mark Salinas:is boards are expanding.
Mark Salinas:I've talked to lots of people.
Mark Salinas:I met this awesome CISO.
Mark Salinas:And she's like, in her first,
Mark Salinas:I don't know, month she's like,
Mark Salinas:I got the board to quadruple my
Mark Salinas:budget and I almost fainted.
Mark Salinas:I'm like, I would've settled
Mark Salinas:for double, but she's
Mark Salinas:like, no, I quadrupled it.
Luigi Tiano:She's good at
Luigi Tiano:selling her business case.
Luigi Tiano:That's great.
Mark Salinas:She's good.
Mark Salinas:Yeah, I very much
Mark Salinas:wanted to work for her.
Mark Salinas:It didn't work out that's okay.
Mark Salinas:But anyway, it's boards are
Mark Salinas:spending money, but again,
Mark Salinas:now we're back to, okay.
Mark Salinas:So if I give you a whole bunch
Mark Salinas:of money and I tell you to go
Mark Salinas:hire three people, I'm gonna
Mark Salinas:come back in three months
Mark Salinas:and say, how's it going?
Mark Salinas:You're gonna tell me not so great.
Mark Salinas:So half the advice I have
Mark Salinas:brings back to hire more people.
Mark Salinas:Oh yeah.
Mark Salinas:There are more people to
Mark Salinas:hire we're in this wheel.
Luigi Tiano:That's
Luigi Tiano:to my point, right?
Luigi Tiano:Let's look at your projects
Luigi Tiano:and then let's be realistic on
Luigi Tiano:which ones can be delivered and
Luigi Tiano:which ones need to be delivered.
Luigi Tiano:And because there's not gonna
Luigi Tiano:be more staff coming and that's
Luigi Tiano:why I'm always asking that
Luigi Tiano:question to anyone I speak
Luigi Tiano:about the IT shortages, and
Luigi Tiano:then I'm hoping that we're gonna
Luigi Tiano:see more people in the field.
Luigi Tiano:But, I mean, I'll
Luigi Tiano:be honest with you.
Luigi Tiano:I'm a little bit pessimistic
Luigi Tiano:when it comes to that
Luigi Tiano:cause I'm not seeing a lot of up
Luigi Tiano:and coming individuals in their
Luigi Tiano:early twenties who are looking
Luigi Tiano:at IT as an attractive place.
Luigi Tiano:I wish there would
Luigi Tiano:be more, but right now
Luigi Tiano:it's kind of difficult.
Mark Salinas:I wanna be the
Mark Salinas:optimist and disagree with
Mark Salinas:you, but I'm not, I got Zippo.
Luigi Tiano:Well, again, that's
Luigi Tiano:why we're so busy I guess.
Mark Salinas:I feel like we
Mark Salinas:just need to do a grassroots.
Mark Salinas:It doesn't help us.
Mark Salinas:I'll be retired by the time
Mark Salinas:this plan goes through, but we
Mark Salinas:need to go to the young people.
Mark Salinas:My kids, and they were
Mark Salinas:like, Ooh, that's geeky,
Mark Salinas:like, Ooh, dirty geeky.
Mark Salinas:And I'm like, You
Mark Salinas:know, look at my car.
Mark Salinas:I got a nice car.
Mark Salinas:I paid for that.
Mark Salinas:I'm telling my own kids be
Mark Salinas:a geek and they go, yeah,
Mark Salinas:dad, we know you're a geek.
Luigi Tiano:It's a
Luigi Tiano:good place to be in.
Luigi Tiano:It's a great career.
Luigi Tiano:You get to work with smart people.
Mark Salinas:You're not
Mark Salinas:cool, but you could buy a much
Mark Salinas:cooler car than the cool guy.
Mark Salinas:So come on buddy.
Luigi Tiano:We should
Luigi Tiano:start a podcast on how
Luigi Tiano:to recruit young talent.
Mark Salinas:Dude, you
Mark Salinas:pull up in that Audi or
Mark Salinas:that Trans Am or whatever the
Mark Salinas:hot young person's car is.
Mark Salinas:Hopefully it's not a Prius, but
Mark Salinas:you pull up in the cool car.
Mark Salinas:People will just
Mark Salinas:assume you're cool.
Luigi Tiano:I get it
Mark Salinas:Works for me.
Luigi Tiano:I get it.
Luigi Tiano:Yeah.
Luigi Tiano:Yeah.
Luigi Tiano:But Trans Am hasn't been
Luigi Tiano:out there for a while so
Luigi Tiano:that's dating ourselves.
Mark Salinas:Dating myself Camaro.
Luigi Tiano:It still is
Luigi Tiano:cool though for some people
Luigi Tiano:I'll have to be honest.
Mark Salinas:Hey you know,
Mark Salinas:try pull up on a McLaren
Luigi Tiano:There you go.
Mark Salinas:Think
Mark Salinas:we're gonna be like, yes.
Mark Salinas:Cool.
Luigi Tiano:You're
Luigi Tiano:right about that.
Luigi Tiano:And it is a career where
Luigi Tiano:you can achieve it.
Luigi Tiano:That's what people are
Luigi Tiano:gonna underestimate.
Luigi Tiano:So look, we're doing
Luigi Tiano:well with time, but I
Luigi Tiano:wanna respect your time.
Luigi Tiano:So I've got a couple minutes here.
Luigi Tiano:I have one last question, which
Luigi Tiano:I think we just touched on.
Luigi Tiano:So when it comes to the state
Luigi Tiano:of affairs of cyber security
Luigi Tiano:in terms of getting companies,
Luigi Tiano:getting compromised or breached.
Luigi Tiano:Let's be honest here.
Luigi Tiano:Are things gonna get worse
Luigi Tiano:before they get better.
Luigi Tiano:Or are we on the
Luigi Tiano:road to success here?
Mark Salinas:That's
Mark Salinas:a great question.
Mark Salinas:I wish I had that crystal ball,
Mark Salinas:but I would say they're gonna
Mark Salinas:stay where they are because
Mark Salinas:companies can today go buy a
Mark Salinas:good EDR endpoint detection.
Mark Salinas:You can go buy today, a good
Mark Salinas:endpoint and have it managed.
Mark Salinas:A lot of those software makers
Mark Salinas:are providing protection.
Mark Salinas:If you have no people, but
Mark Salinas:you got a couple of bucks.
Mark Salinas:Anybody can go buy good
Mark Salinas:EDR and have it managed.
Mark Salinas:That is a big part of it.
Mark Salinas:I think that'll go a long way.
Mark Salinas:I think it's gonna be about
Mark Salinas:the same as it is today.
Mark Salinas:And it's gonna take a while
Mark Salinas:to get better because they're
Mark Salinas:just gonna, you know, OT, let's
Mark Salinas:say we secure all the PCs and
Mark Salinas:my PCs are actually secured.
Mark Salinas:Okay.
Mark Salinas:What's next OT.
Mark Salinas:You already said it.
Mark Salinas:It's already there, so, okay.
Mark Salinas:My PCs are safe, but
Mark Salinas:my OTs and channels.
Luigi Tiano:So you're saying
Luigi Tiano:we're flattening out now.
Luigi Tiano:Should we have seen the worst?
Mark Salinas:I think let's
Mark Salinas:call it a quality X today.
Mark Salinas:I think we're gonna stay at this
Mark Salinas:quality X for at least two years.
Luigi Tiano:Well, that's good.
Luigi Tiano:I mean it's obviously
Luigi Tiano:more optimistic.
Luigi Tiano:Well, it's more optimistic than I
Luigi Tiano:would've been, to be honest with
Luigi Tiano:you cuz I still see, we have some
Luigi Tiano:challenges in the enterprise, but
Luigi Tiano:I am seeing a lot more awareness.
Luigi Tiano:Right?
Luigi Tiano:So the awareness is good,
Luigi Tiano:which is the fundamental
Luigi Tiano:way to change things.
Luigi Tiano:So if awareness is there and people
Luigi Tiano:start engaging and taking a more
Luigi Tiano:responsible role in the day to
Luigi Tiano:day, I think we should be better.
Luigi Tiano:But again, the only variable
Luigi Tiano:there is that there's a lot
Luigi Tiano:more bad actors in the market.
Luigi Tiano:So there's more people out there
Luigi Tiano:trying to make your day worse.
Mark Salinas:Oh yeah.
Mark Salinas:I don't wanna say one
Mark Salinas:of the big emails.
Mark Salinas:Like every day, they make
Mark Salinas:it easy for the bad actors
Mark Salinas:to set up an account.
Mark Salinas:So a bad actor can set up a Gmail
Mark Salinas:ID of a GM 1 23 with a name Mark,
Mark Salinas:you know, with my name on it.
Mark Salinas:And so when you get an
Mark Salinas:email that says my name on
Mark Salinas:it, and you're like, oh,
Mark Salinas:Mark, sending me an email.
Mark Salinas:It's not, it's the bad actor, so.
Mark Salinas:There's some stuff that's
Mark Salinas:still so easy, but you have to
Mark Salinas:be cynical about any emails.
Mark Salinas:There was a group, this one
Mark Salinas:came in the guy had used
Mark Salinas:someone else's LinkedIn.
Mark Salinas:And he was like reaching out
Mark Salinas:to people like his old friends.
Mark Salinas:It's possible that, you know, if
Mark Salinas:you're less cynical, you're like,
Mark Salinas:oh, I think I remember a Bob.
Mark Salinas:Yeah.
Mark Salinas:Bob's something, you know,
Mark Salinas:Hey Luigi, remember when you
Mark Salinas:and I worked at Verizon and
Mark Salinas:you'll be like, yeah, there
Mark Salinas:was like, please, there were a
Mark Salinas:hundred thousand people there.
Mark Salinas:So it's still a challenge.
Mark Salinas:We raise awareness, people say it,
Mark Salinas:and I'm hoping that they're scared
Mark Salinas:enough to not just click away.
Mark Salinas:If we're scared of anything,
Mark Salinas:it's just don't click without.
Luigi Tiano:I agree with you.
Luigi Tiano:Before we wrap up here to your last
Luigi Tiano:point, like, know the difference
Luigi Tiano:between spam and an actual
Luigi Tiano:phishing email, that's important.
Luigi Tiano:That's for sure.
Mark Salinas:I know this is spam.
Mark Salinas:Then the gift cards.
Mark Salinas:Oh my Lord.
Mark Salinas:Every week.
Mark Salinas:Hey, from the CEO, Dave.
Mark Salinas:Hey, so and so pick up some
Mark Salinas:gift cards for the team.
Mark Salinas:And it was so funny.
Mark Salinas:I never laughed so hard.
Mark Salinas:The directors that knew my
Mark Salinas:CEO said this guy's a cheap
Mark Salinas:SOB and there's no way he's
Mark Salinas:buying gift cards for the team.
Luigi Tiano:You didn't
Luigi Tiano:have to validate that.
Mark Salinas:I just laughed.
Mark Salinas:I'm like, okay, whatever works.
Mark Salinas:That was fun.
Mark Salinas:Good times.
Luigi Tiano:Mark.
Luigi Tiano:Before we wrap up do you
Luigi Tiano:have any questions for me?
Mark Salinas:Is there a good
Mark Salinas:target market for you in terms
Mark Salinas:of who you're dealing with?
Mark Salinas:Is it more the midsize?
Luigi Tiano:Yeah, it's tricky
Luigi Tiano:cause in midsize in Canada versus
Luigi Tiano:US midmarket is a little different.
Luigi Tiano:So our large enterprise
Luigi Tiano:ends up being your
Luigi Tiano:midmarket there in the US.
Luigi Tiano:Kind of right.
Luigi Tiano:Here at Assurance IT we typically
Luigi Tiano:deal with the mid-market companies,
Luigi Tiano:anything to do from, I'd say
Luigi Tiano:250 employees to 3000 employees.
Luigi Tiano:It's a wide sweet spot, but it's
Luigi Tiano:a good sweet spot because going
Luigi Tiano:back to your point earlier,
Luigi Tiano:there's a lot of need there.
Luigi Tiano:There's a lot of
Luigi Tiano:requirements there.
Luigi Tiano:Some companies have
Luigi Tiano:grown tremendously.
Luigi Tiano:They got a whole bunch of new
Luigi Tiano:employees on staff and they
Luigi Tiano:just haven't been able to keep
Luigi Tiano:up with the security demands.
Luigi Tiano:I've worked in large
Luigi Tiano:enterprise myself before.
Luigi Tiano:I enjoy it.
Luigi Tiano:The only thing I can say is,
Luigi Tiano:without knocking anyone, there
Luigi Tiano:are longer cycles to get things
Luigi Tiano:done sometimes, you know?
Luigi Tiano:So, I mean, again, it's
Luigi Tiano:just a matter of cycles.
Luigi Tiano:Budgets come in and you have
Luigi Tiano:to go ahead and they have to
Luigi Tiano:deliver a project and so on.
Luigi Tiano:But we find that in the midmarket
Luigi Tiano:space where companies need
Luigi Tiano:to react quicker, they have
Luigi Tiano:less layers of management.
Luigi Tiano:They're a lot more nimble.
Luigi Tiano:They see a need, they
Luigi Tiano:go get budget approval.
Luigi Tiano:Business cases are
Luigi Tiano:approved a lot quicker.
Luigi Tiano:And then we move.
Luigi Tiano:So that's who our targets are.
Luigi Tiano:We're seeing a lot of success
Luigi Tiano:in there and we attribute a
Luigi Tiano:lot of process into the game.
Luigi Tiano:It's great that you throw a tool
Luigi Tiano:at it, of course, but you have to
Luigi Tiano:also have a process to make sure
Luigi Tiano:that, business continuity only
Luigi Tiano:plans, make sure that you've got
Luigi Tiano:an awareness program in place.
Luigi Tiano:And what are you
Luigi Tiano:doing to measure that?
Luigi Tiano:Those are all things that
Luigi Tiano:companies kind of forget
Luigi Tiano:when they install a tool.
Luigi Tiano:So tools, processes, and people.
Luigi Tiano:It's very important.
Mark Salinas:No,
Mark Salinas:you're spot on spot on.
Luigi Tiano:Well, Mark,
Luigi Tiano:any other questions?
Mark Salinas:No, no, no.
Mark Salinas:I just was gonna throw out some
Mark Salinas:crazy idea, but that's what we're
Luigi Tiano:Go ahead.
Luigi Tiano:What's the crazy idea, man?
Mark Salinas:Dismiss
Mark Salinas:these frameworks.
Mark Salinas:I very much appreciate what
Mark Salinas:they're doing, but, I got a
Mark Salinas:crazy thought listening to you
Mark Salinas:cuz you inspire thought Luigi.
Mark Salinas:Yeah.
Mark Salinas:That's a quite,
Mark Salinas:quite high praise.
Mark Salinas:Cuz I'm working on NIST and I
Mark Salinas:like NIST in that it's plain.
Mark Salinas:Like I get it 90 days
Mark Salinas:for password expiration.
Mark Salinas:Okay.
Mark Salinas:I know what that means.
Mark Salinas:I know what to do about it.
Mark Salinas:It's easy.
Mark Salinas:But it's also 140 checkboxes.
Mark Salinas:That's a lot of checkboxes.
Mark Salinas:I think maybe the industry
Mark Salinas:should push for like a NIST
Mark Salinas:light, kind of like, first
Mark Salinas:grade, if you can get to this
Mark Salinas:first level, you're not perfect.
Mark Salinas:You're not a defense
Mark Salinas:contractor level, but
Mark Salinas:you're at least somewhere.
Luigi Tiano:Yes.
Mark Salinas:And so
Mark Salinas:that would be like spam.
Mark Salinas:And the good news is you can
Mark Salinas:get a spam service and an EDR
Mark Salinas:service and a web hosting service.
Mark Salinas:I'm seeing web hosting companies
Mark Salinas:offer managed WAF that as
Mark Salinas:part of managing the app.
Mark Salinas:I'm like, okay, now we're talking.
Mark Salinas:I mean, I know you gotta pay for
Mark Salinas:it obviously, but versus hiring
Mark Salinas:a WAF person, not happening.
Mark Salinas:So if I can buy a server hosting
Mark Salinas:along with the whole WAF layer.
Mark Salinas:There you go.
Luigi Tiano:Yeah.
Luigi Tiano:Mark, that's a very good point.
Luigi Tiano:So what we do is, again, some of
Luigi Tiano:the companies just don't have the
Luigi Tiano:exhaustive time or the effort to go
Luigi Tiano:through these weeks or month long
Luigi Tiano:situations where they have to
Luigi Tiano:go through frameworks and so on.
Luigi Tiano:We leverage very often in Canada,
Luigi Tiano:we have what we call CyberSecure
Luigi Tiano:Canada, which essentially is
Luigi Tiano:like 13 controls that, they're
Luigi Tiano:published, they're online.
Luigi Tiano:Easy to read, easy to consume.
Luigi Tiano:Anyone can understand them.
Luigi Tiano:And they're 13 security
Luigi Tiano:controls that are well aligned
Luigi Tiano:with a lot of the frameworks
Luigi Tiano:out there already today.
Luigi Tiano:They also align with what the cyber
Luigi Tiano:insurance companies are asking for.
Luigi Tiano:So when a customer comes to me
Luigi Tiano:and says, well, where do I start?
Luigi Tiano:I said, well, you can't go wrong
Luigi Tiano:by looking at these 13 points.
Luigi Tiano:Start with these.
Luigi Tiano:Do your self-assessment, you
Luigi Tiano:know, what are you doing today?
Luigi Tiano:Are you doing MFA?
Luigi Tiano:Are you doing the
Luigi Tiano:education awareness?
Luigi Tiano:Are you doing the backup?
Luigi Tiano:And then if you're not like,
Luigi Tiano:at least it doesn't come off
Luigi Tiano:as if I'm trying to push you
Luigi Tiano:something, it's a self-assessment
Luigi Tiano:that you can easily do yourself.
Luigi Tiano:And from there we say,
Luigi Tiano:okay, where's the gap?
Luigi Tiano:What are you missing?
Luigi Tiano:Let's go and fill those gaps.
Luigi Tiano:So I agree with you.
Luigi Tiano:I mean, there's a lot of
Luigi Tiano:frameworks out there and sometimes
Luigi Tiano:are overwhelming for people.
Luigi Tiano:So if an organization can
Luigi Tiano:self-assess themselves, it's a
Luigi Tiano:great start that way, it's coming
Luigi Tiano:from themselves versus someone
Luigi Tiano:else externally, and it's a way
Luigi Tiano:of keeping yourself honest and
Luigi Tiano:do that on a yearly, you know,
Luigi Tiano:just make sure on a yearly basis,
Luigi Tiano:you're keeping up with that.
Luigi Tiano:Cause again, if you don't have
Luigi Tiano:enough staff to go through all
Luigi Tiano:those processes, make sure there's
Luigi Tiano:someone there, like you said,
Luigi Tiano:that individual, that responsible,
Luigi Tiano:that can self-assess themselves.
Mark Salinas:Yep.
Mark Salinas:I like it.
Luigi Tiano:Well good.
Luigi Tiano:Listen, Mark.
Luigi Tiano:This has been fantastic.
Luigi Tiano:I really appreciate going
Luigi Tiano:back and forth here.
Mark Salinas:Absolutely, man.
Mark Salinas:You inspire thought, dude,
Mark Salinas:you're making me think
Luigi Tiano:I'm
Luigi Tiano:gonna remember that.
Luigi Tiano:I gotta tell my family that one.
Mark Salinas:Sometimes
Mark Salinas:things I don't wanna think
Mark Salinas:about, but that's, you know,
Luigi Tiano:That's what
Luigi Tiano:we're for, we gotta keep
Luigi Tiano:ourselves on our toes.
Mark Salinas:Hey, real quick.
Mark Salinas:On the cyber insurance met
Mark Salinas:some interesting contacts.
Mark Salinas:One, the cyber insurance
Mark Salinas:guys are taking a bath.
Mark Salinas:They're getting soaked.
Mark Salinas:So either they weren't good
Mark Salinas:at assessing or whatever it
Mark Salinas:is, they're taking a bath.
Mark Salinas:So they're jacking up their rates.
Mark Salinas:I know personally speaking,
Mark Salinas:our rates went up despite
Mark Salinas:reaching compliance.
Mark Salinas:So our security posture went
Mark Salinas:up and our rates still went up.
Mark Salinas:Second.
Mark Salinas:I got audited by one of those guys.
Mark Salinas:I almost ripped in the shreds and I
Mark Salinas:almost got thrown out of the room.
Mark Salinas:He didn't like a lot
Mark Salinas:of service accounts.
Mark Salinas:We're big on service accounts,
Mark Salinas:you know, machine logs in, machine
Mark Salinas:X and then you know who it is.
Mark Salinas:And this guy, like, nah, too many
Mark Salinas:service accounts are too tedious.
Mark Salinas:And I'm like, so you want me to
Mark Salinas:share logins and share passwords?
Mark Salinas:And like he wanted to say yes,
Mark Salinas:but he knew where I was going.
Mark Salinas:And I just was like, this
Mark Salinas:guy doesn't deserve his job.
Mark Salinas:If he thinks that sharing
Mark Salinas:service accounts is a good idea.
Mark Salinas:It should be canned.
Mark Salinas:That's a little harsh, bro.
Luigi Tiano:You got 'em there.
Luigi Tiano:That's good.
Luigi Tiano:But you're right about the
Luigi Tiano:cyber insurance policies and
Luigi Tiano:what we're seeing also is
Luigi Tiano:that they'll get approved
Luigi Tiano:with a lot of contingencies, a lot
Luigi Tiano:of if you don't comply by X date,
Luigi Tiano:we're gonna just pull it away.
Luigi Tiano:Well, I mean, they'll
Luigi Tiano:prove you on a renewal.
Luigi Tiano:We work with a couple of
Luigi Tiano:cyber insurance companies.
Luigi Tiano:And what we're seeing
Luigi Tiano:is the renewals are the
Luigi Tiano:hardest things right now.
Luigi Tiano:So forget the net new customers.
Luigi Tiano:It's the actual renewals cuz
Luigi Tiano:they were giving policies away.
Luigi Tiano:Right?
Luigi Tiano:A lot of policies.
Luigi Tiano:They were just writing them
Luigi Tiano:up, everyone was buying
Luigi Tiano:them and everyone was cool
Luigi Tiano:three, four years ago.
Luigi Tiano:But now upon renewal, the
Luigi Tiano:underwriting companies are
Luigi Tiano:saying, well, wait a second.
Luigi Tiano:We don't wanna assume that
Luigi Tiano:risk because we know that
Luigi Tiano:they're in an industry or they
Luigi Tiano:don't have the staff to manage
Luigi Tiano:the risk associated with it.
Luigi Tiano:And, according to our books,
Luigi Tiano:they're getting hacked every day.
Luigi Tiano:So regardless of jacking up the
Luigi Tiano:prices, they won't renew them
Luigi Tiano:unless they do certain things.
Mark Salinas:And I agree
Mark Salinas:with that, but where's
Mark Salinas:that line, you know?
Luigi Tiano:Insurance companies
Luigi Tiano:are not in the business of
Luigi Tiano:losing money, Mark, as you know.
Mark Salinas:No, they're not.
Mark Salinas:And so I get it, but it's sort of
Mark Salinas:like, are you gonna have a guy
Mark Salinas:like clearly the last security
Mark Salinas:assessor knew way less than I did?
Luigi Tiano:Yeah.
Luigi Tiano:Well, again, it goes back
Luigi Tiano:to the skillset lacking.
Luigi Tiano:There's a lot of skillset lacking
Luigi Tiano:in the field and they've got their
Luigi Tiano:check boxes that they go through.
Luigi Tiano:So I guess it's an
Luigi Tiano:interesting field.
Luigi Tiano:There's a lot, a lot of challenges.
Luigi Tiano:And I think for me, there's a lot
Luigi Tiano:of exciting stuff coming ahead.
Luigi Tiano:I think we're only in the
Luigi Tiano:infancy when it comes to really
Luigi Tiano:protecting the enterprise,
Luigi Tiano:the individual and so on.
Mark Salinas:And real quick,
Mark Salinas:again, sort of on the personal
Mark Salinas:advice level, we used Darktrace.
Mark Salinas:Darktrace is fascinating,
Mark Salinas:but at the end of the day it
Mark Salinas:was more of a time suck.
Mark Salinas:When Darktrace said, you better
Mark Salinas:look at this, there goes an
Mark Salinas:hour to three hours of your day.
Luigi Tiano:Wow.
Mark Salinas:It's a cool tool,
Mark Salinas:but it's not a hundred percent.
Mark Salinas:So twice it was either legit
Mark Salinas:software or just a mixture
Mark Salinas:of bad events or not bad,
Mark Salinas:just mislabeled events.
Mark Salinas:You know, oh, AI and self learning
Mark Salinas:and hoorah, I'm gonna sit back
Mark Salinas:and it's gonna tell me stuff.
Mark Salinas:No, it says, look at this and now
Mark Salinas:take four hours outta your day.
Mark Salinas:There's some neat tools, but
Mark Salinas:we're back to, here's a tool
Mark Salinas:that is gonna take three
Mark Salinas:hours, two hours on my day.
Luigi Tiano:Exactly.
Luigi Tiano:That's a good point.
Luigi Tiano:Yeah.
Luigi Tiano:Agreed.
Luigi Tiano:Well, Mark, I have to officially
Luigi Tiano:thank you for taking the time.
Luigi Tiano:It was a pleasure.
Luigi Tiano:It was an honor,
Mark Salinas:absolutely.
Luigi Tiano:To spend
Luigi Tiano:the time with you.
Luigi Tiano:And I know we're gonna continue
Luigi Tiano:this conversation online and
Luigi Tiano:in person one day and again
Luigi Tiano:wishing you a great day.
Mark Salinas:Thank you,
Mark Salinas:Luigi, real pleasure, man.
Mark Salinas:It's absolutely a blast.
Mark Salinas:So we'll have to keep in touch
Mark Salinas:and fix stuff as it breaks.
Mark Salinas:And ugh, I don't know.